OKIEHABU
NetBarrier X3 v10.3.7

NetBarrier provides basic protection in 'Client only' mode; but I learned the hard way that the latter setting cannot prevent IGMP packets from accessing certain ports — one apparently being 47807, which is used by iCalendar for network access. It was also used by some bad guys recently to install a trojan in my G5. I know this because I ran a port scan on 127.0.0.1 using the OS X Network Utility, and 47807 came up open. After finally wising up as to how they were getting to me, I formatted the drive and then began writing rulesets in NetBarrier's 'Customized' view. Now the unauthorized penetrations have stopped.

Advising others of rulesets which may or may not be appropriate for their specific situation is risky business; yet for people like me who use dialup and are not affiliated with any network — i.e., just plain ol' home users — there are a couple of hard and fast rules that'll save your bacon.

1. [TCP In] (Connected Services) (Block: Port Range 1 ~ 65535) (Try to write 0 ~ 65535. . . see if NB will accept it. Hackers are commonly soliciting Port 0; although so far NB has blocked all Port zero attacks to my machine while set to block port range 1 ~ 65535).
2. [IGMP In] (Any type) (Block)
3. [ICMP In] (Any type) (Block)
4. [UDP In] (mDNS-Multicast/SLP) (Allow: mDNS P: 5353; SLP P: 427) (Using 2-part rule)
5&6. [NTP In/Out] (From Add ruleset) (Allow P:123)
   Note: I believe NTP (Network Time Protocol) may be exploitable. So it's a good idea to define the parameters for that protocol in a hard and fast rule, designating Port 123, which is the standard NTP port. That will prevent spoofing of NTP through other ports to "reset your clock, haha."
7&8. [DNS In/Out] (From Add ruleset) (Allow P:53)
9. [All Remaining Protocols] (UDP In) (Block: Port range 1 ~ 65535)

Now they can't use IGMP to hack my apps. . . nor are they able to use ICMP to map an attack.

Most inbound hits these days are UDP-based, directed to P: 1026 or 1027. Are you logging UDP hits to those ports? YOU SHOULD BE! Rule # 9 stops 'em in their tracks.

You should also determine the addresses of YOUR primary and secondary DNS servers from the ISP and enter them into your network folder under the TCP/IP tab (OS X). Allowing your computer to resolve addresses by the 'seat of the pants' method — searching for the best DNS, may be hazardous. Do you completely trust every domain server on the spine?

NetBarrier is a good quality product that unfortunately is in the hands of some very greedy people. It's the same old story. That's why I stopped eating french fries. Guess some things just never change. . .

(Version 10.4.1)
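
An added example, not part of the review above and not NetBarrier's own code: a small model of the nine listed rules that reports which rule decides a packet and which inbound ports no rule covers (the port 0 question raised under rule 1). It assumes top-to-bottom, first-match evaluation, treats NTP and DNS as UDP, and uses constructed sample packets.

```python
# Model of the review's nine rules. Assumptions (not taken from NetBarrier):
# rules are checked top to bottom and the first match wins; NTP and DNS are
# modelled as UDP; "port" means the service port the rule names.
RULES = [  # (rule number, protocol, direction, ports or None for "any type", action)
    ("1", "tcp",  "in",  range(1, 65536), "block"),
    ("2", "igmp", "in",  None,            "block"),
    ("3", "icmp", "in",  None,            "block"),
    ("4", "udp",  "in",  (5353, 427),     "allow"),   # mDNS, SLP
    ("5", "udp",  "in",  (123,),          "allow"),   # NTP in
    ("6", "udp",  "out", (123,),          "allow"),   # NTP out
    ("7", "udp",  "in",  (53,),           "allow"),   # DNS in
    ("8", "udp",  "out", (53,),           "allow"),   # DNS out
    ("9", "udp",  "in",  range(1, 65536), "block"),   # all remaining UDP
]

def evaluate(proto, direction, port=None):
    """Return (rule number, action) for the first matching rule,
    or (None, 'unmatched') when the packet falls through every rule."""
    for number, r_proto, r_dir, ports, action in RULES:
        if (r_proto, r_dir) != (proto, direction):
            continue
        if ports is None or port in ports:
            return number, action
    return None, "unmatched"

def uncovered_inbound_ports(proto):
    """Inbound ports of this protocol that no rule matches at all."""
    return [p for p in range(0, 65536) if evaluate(proto, "in", p)[0] is None]

# Constructed sample packets: (protocol, direction, port)
SAMPLES = [
    ("udp", "in", 1026), ("udp", "in", 1027), ("udp", "in", 5353),
    ("tcp", "in", 47807), ("igmp", "in", None), ("tcp", "in", 0),
]

if __name__ == "__main__":
    for proto, direction, port in SAMPLES:
        number, action = evaluate(proto, direction, port)
        print(f"{proto:5} {direction:3} port={port!s:6} -> rule {number}: {action}")
    for proto in ("tcp", "udp"):
        print(f"{proto} inbound ports with no rule: {uncovered_inbound_ports(proto)}")
```

Under these assumptions the only inbound TCP and UDP port left to the firewall's default behaviour is 0, which is why the review suggests trying the range 0 ~ 65535.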